lolsekolah

  1. Hi Marius, thanks for the advice, I'll do that. Thanks
  2. Hi Marius, I have another question. Previously I did a scan with Malwarebytes Anti-Malware under your instructions. Today I went to look at the Quarantine tab, and there are threats registered there. Do I press 'Delete' or 'Delete all'? By doing so, does it mean I'm deleting these threats for good (like, erasing them off my system)? Should I delete them? Thanks
  3. Hi Marius, thanks for the affirmation. I believe my problem is completely solved. I'll watch out for myself more carefully now, though I probably won't stop being paranoid. Thanks for your help over these few days, thumbs up to you guys helping out those in trouble.
  4. Hi Marius, I've checked the 'Hidden' box and now the folder is hidden properly, though I'm still puzzled as to why the folder only appeared yesterday, as it did not show up even once before I got the spigot (I guess I'm being too paranoid). For now, I guess I'll just be extra watchful of my laptop, whether it is infected with malicious stuff or suffers from any effects of a virus. I hope you won't mind if I ask some questions:
     1) Can you tell me what the spigot redirect virus can actually do to my laptop and what harm it could bring?
     2) After cleaning up, I assume that my laptop is no longer 100% safe and is more vulnerable. Is it still safe for me to do things like online purchases or processes where personal information is required?
     Sorry for the long-winded questions. Thanks
  5. Hi Marius, I am done with almost everything but the $RECYCLE.BIN still bothers me. I changed the settings to hide hidden files and folders, but it did not work and the folder remains there. In fact, it didn't look translucent like hidden folders do when they are visible. The properties are disturbing as well: it shows "1 Files, 4 Folders" when there's nothing in it nor in the Recycle Bin, the size is 129 bytes and 4.00 KB on disk, and the numbers haven't changed at all. I don't know if I'm just being paranoid but it is really bothering me. Thanks
  6. Hi Marius, I have done all the above but have a few queries:
     1) What is Defogger? Did we use that?
     2) There's still an AdwCleaner folder in my C: drive, do I delete it manually?
     3) An ESET Online Scanner folder remains, do I delete it manually as well?
     4) The $RECYCLE.BIN still lingers in my D: drive (while it's gone from my C: drive), I'm really paranoid about this being a virus.
     Thanks
  7. Hi Marius, thanks for the confirmation, I do feel relieved now. Here's the log from AdwCleaner:

     # AdwCleaner v3.004 - Report created 19/09/2013 at 16:56:34
     # Updated 15/09/2013 by Xplode
     # Operating System : Windows 8 (64 bits)
     # Username : tiongahbang - TIONGAHBANG
     # Running from : C:\Users\tiong\Downloads\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16688

     -\\ Google Chrome v29.0.1547.66

     [ File : C:\Users\tiong\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     [ File : C:\Users\tiong\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [942 octets] - [19/09/2013 16:53:45]
     AdwCleaner[S0].txt - [866 octets] - [19/09/2013 16:56:34]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [925 octets] ##########

     And here's the one from SecurityCheck:

     Results of screen317's Security Check version 0.99.73
     x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Adobe Reader 10.1.8 Adobe Reader out of Date!
     Google Chrome 29.0.1547.62
     Google Chrome 29.0.1547.66
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Windows Defender MsMpEng.exe
     Trend Micro AMSP coreServiceShell.exe
     Trend Micro UniClient UiFrmWrk uiWatchDog.exe
     Trend Micro AMSP coreFrameworkHost.exe
     Trend Micro AMSP AMSP_LogServer.exe
     Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````

     Thanks
  8. Hi Marius, my Chrome browser and Internet Explorer no longer suffer from the redirect to the Yahoo spigot page, so can I assume the spigot is gone now? But before I proceed with the cleanup, I have an issue here: there is now a $RECYCLE.BIN folder in my hard disks (C: and D:). I've read that it could be a virus or just a hidden folder, but I'm suspecting it to be a virus because:
     1) I changed my setting to show hidden files and folders long before, but this folder did not show up till yesterday.
     2) I tried changing the settings to hide hidden files and folders, but the folder still shows up.
     Is it really a virus? I'm really devastated, can you advise me on this issue? Thanks
  9. Hi MrCharlie, thanks for replying, here are the logs (dds, attach, roguekiller report).

     RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 8 (6.2.9200 ) 64 bits version
     Started in : Normal mode
     User : tiongahbang [Admin rights]
     Mode : Scan -- Date : 09/18/2013 23:34:19
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD7500BPVT-80HXZT3 +++++
     --- User ---
     [MBR] 5121ed68627e23ab97862d4b9d9f4d5e
     [BSP] 4816b00b2e7efa2cda2c0a65fdf3e385 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_09182013_233419.txt >>

     Thanks
  10. I am only in the middle of cleaning my laptop of spigot redirect virus and only just now I discovered this $RECYCLE.BIN folder in my hard drives, I googled about it and found mixed opinions about it being a feature of the system and about it being a virus that causes crazy damage more than spigot from what I've read. This came to be a devastating blow to me as I've yet to resolve the spigot virus, can anyone tell me if this is a virus? I really have no idea about how this virus found its way into my laptop and I'm really depressed. If it is a virus, can anyone enlighten me on how to remove it? Thank you
  11. Hi Marius, here are the logs

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.18.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
tiongahbang :: TIONGAHBANG [administrator]

18/9/2013 5:40:05 PM
mbam-log-2013-09-18 (17-40-05).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495373
Time elapsed: 2 hour(s), 25 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There was no threat found, so no log was generated for the ESET scan. Does it mean the system is clean? Thanks
  12. Hi Marius, here's the log

ComboFix 13-09-17.01 - tiongahbang 9/2013 Tue 23:50:42.2.8 - x64
Microsoft Windows 8 6.2.9200.0.932.81.1033.18.12173.9959 [GMT 8:00]
Running from: c:\users\tiong\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\tiong\AppData\Local\Microsoft\Windows\Temporary Internet Files\tipcondition_v1.3.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 )))))))))))))))))))))))))))))))
.
.
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-17 14:09 . 2013-09-17 14:09 -------- d-----w- c:\users\tiong\AppData\Roaming\Malwarebytes
2013-09-17 14:08 . 2013-09-17 14:08 -------- d-----w- c:\programdata\Malwarebytes
2013-09-17 14:08 . 2013-09-17 14:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-17 14:08 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-17 12:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0B5B415-BF9E-4CC8-B6BA-3A200259FAA4}\mpengine.dll
2013-09-13 01:22 . 2013-09-13 01:22 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-12 23:23 . 2013-09-04 13:58 965008 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14983E97-C3EB-4FD9-B59F-96627E4C4916}\gapaengine.dll
2013-09-11 13:09 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 13:08 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 14:35 . 2013-03-10 15:31 408 ----a-w- c:\users\tiong\AppData\Roaming\sp_data.sys
2013-09-13 01:15 . 2013-03-11 10:13 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-12 23:23 . 2013-03-19 08:46 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-05 20:09 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2012-07-26 08:14 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 10:00 . 2013-03-11 09:13 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-13 06:18 . 2013-08-14 08:04 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 08:04 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 08:04 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 08:04 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-14 08:04 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-14 08:04 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 08:04 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 08:04 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 08:04 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 08:05 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-15 18:50 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-15 18:50 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
2013-06-20 19:05 . 2013-06-20 19:05 35272 ----a-w- c:\windows\xinstaller.exe
2013-06-20 19:05 . 2013-06-20 19:05 80328 ----a-w- c:\windows\xinstaller.dll
2013-06-20 11:09 . 2013-05-05 15:01 408 ----a-w- c:\users\Guest\AppData\Roaming\sp_data.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2013-06-20 19:05 373704 ----a-w- c:\users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.70.(842).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
.
c:\users\tiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-9-13 158896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-11-20 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\3DVISI~1\nvStInit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R0 tmel;tmel;c:\windows\system32\DRIVERS\tmel.sys;c:\windows\SYSNATIVE\DRIVERS\tmel.sys [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\System32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmusa;Trend Micro Osprey Driver;c:\windows\system32\DRIVERS\tmusa.sys;c:\windows\SYSNATIVE\DRIVERS\tmusa.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 00:15 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 09:47]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 09:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-31 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-31 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-25 107192]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-05-29 1374328]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-04 209712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\3DVISI~1\nvStInit64.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &迅雷下载到手机 - http://static.u.155.com/shoulei/shouleidl.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 202.65.242.50 202.65.242.46 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{85CD7B47-1F00-1362-11AE-1A8ED03ED6D0} - c:\program files (x86)\Thunder Network\Thunder\BBInside\{85CD7B47-1F00-1362-11AE-1A8ED03ED6D0}\AddressBar.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BambooScribe.exe - c:\program files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-812081695-3912098186-1946200493-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\MenuExt\&*譲・N}・RKb:g]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (S-1-15-2-1)
@="http://static.u.155.com/shoulei/shouleidl.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-812081695-3912098186-1946200493-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*0・]w(*F*L*A*C*)*D烹*K*\OpenWithList]
@Class="Shell"
"a"="foobar2000.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-09-18 00:01:09
ComboFix-quarantined-files.txt 2013-09-17 16:01
.
Pre-Run: 140,558,864,384 bytes free
Post-Run: 140,526,825,472 bytes free
.
- - End Of File - - 378C77DEA1A3DB3E165B2038B871EAFA

Just a few questions: I found my desktop wallpaper to be removed, is it temporary or do I just change it back myself? And may I ask if the programs used here can be removed easily without leaving traces in the system? Just a bit concerned due to my personality, hope you won't mind. Thanks
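Added example covering the "Reg Loading Points" section of the ComboFix log above and the "Pseudo HJT Report" in the DDS log further down the page (this is editor-supplied PowerShell, not part of the thread and not code from ComboFix, DDS or Malwarebytes): it walks the same auto-start locations those tools list (Run keys in both the native and Wow6432Node hives, Browser Helper Objects, ShellIconOverlayIdentifiers, AppInit_DLLs, scheduled-task actions), resolves COM CLSIDs to the DLL they load, and flags entries whose target is missing on disk (the "(no file)" and "<orphaned>" items in the logs), is not Authenticode-signed, or lives under a user-writable directory. The registry paths are the standard Windows ones; the list of "weak" directories is this example's own assumption. It is read-only and needs no elevation.

```powershell
# Added example (not from the thread): triage Windows auto-start locations.
# Windows PowerShell 5.1 on Windows 8 or later; nothing is modified.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$overlayKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
)
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

# Pull the image path out of a command line such as
#   "C:\Program Files (x86)\Foo\bar.exe" /start   or   c:\foo\bar.exe /tsr
function Get-ImagePath([string]$cmd) {
    if ([string]::IsNullOrWhiteSpace($cmd)) { return $null }
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) { return $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1) }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|sys|cpl|scr))(?=\s|$)',
                        [Text.RegularExpressions.RegexOptions]::IgnoreCase)
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]   # bare names like "cmd" come back unchanged
}

# BHOs and overlay handlers are COM objects: map the CLSID to its InProcServer32 DLL.
function Resolve-Clsid([string]$clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $k = Join-Path $root "$clsid\InProcServer32"
        if (Test-Path -LiteralPath $k) { return (Get-ItemProperty -LiteralPath $k).'(default)' }
    }
    return $null
}

# Assumption of this example: directories a PUP/adware installer can write without elevation.
function Test-WeakLocation([string]$path) {
    if (-not $path) { return $false }
    foreach ($w in "$env:USERPROFILE\AppData", $env:ProgramData, $env:PUBLIC, $env:TEMP, "$env:SystemRoot\Temp") {
        if ($w -and $path.StartsWith($w, 'OrdinalIgnoreCase')) { return $true }
    }
    return $false
}

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Source, [string]$Name, [string]$Target) {
    $expanded = if ($Target) { [Environment]::ExpandEnvironmentVariables($Target) } else { $null }
    $exists = [bool]($expanded -and (Test-Path -LiteralPath $expanded))
    $signed = $false
    if ($exists) { $signed = (Get-AuthenticodeSignature -LiteralPath $expanded).Status -eq 'Valid' }
    $findings.Add([pscustomobject]@{
        Source = $Source; Name = $Name; Target = $expanded
        Exists = $exists; Signed = $signed; WeakDir = (Test-WeakLocation $expanded)
    })
}

foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSParentPath metadata
        Add-Finding $k $p.Name (Get-ImagePath $p.Value)
    }
}
foreach ($k in ($bhoKeys + $overlayKeys)) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $k) {
        # BHO subkeys are named by CLSID; overlay subkeys store the CLSID as their default value.
        $clsid = if ($k -like '*Browser Helper Objects') { $sub.PSChildName }
                 else { (Get-ItemProperty -LiteralPath $sub.PSPath).'(default)' }
        Add-Finding $k $sub.PSChildName (Resolve-Clsid $clsid)
    }
}
foreach ($k in $appInitKeys) {
    $v = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
    if ($v -and $v.LoadAppInit_DLLs -eq 1 -and $v.AppInit_DLLs) {
        # Space- or comma-separated; 8.3 names such as c:\progra~2\... resolve via Test-Path.
        foreach ($dll in ($v.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
            Add-Finding "$k\AppInit_DLLs" 'AppInit' $dll
        }
    }
}
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in $t.Actions) {
        if ($a.Execute) { Add-Finding "Task $($t.TaskPath)" $t.TaskName (Get-ImagePath $a.Execute) }
    }
}

# Missing on disk, unsigned, or loaded from a user-writable directory: review by hand.
$findings | Where-Object { -not $_.Exists -or -not $_.Signed -or $_.WeakDir } |
    Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Read the output with the log above in mind: "Exists = False" is what ComboFix reports as "(no file)" and is safe to remove; "Signed = False" on its own is not evidence of anything (several of the OEM and driver utilities listed in this thread are unsigned), so weigh it together with the location and the vendor; an entry under AppData, ProgramData or Public is the pattern that Spigot-style bundled installers follow and is the first thing to look at.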
  13. Hi Marius thanks for your reply, here's the log aswMBR version 0.9.9.1771 Copyright© 2011 AVAST SoftwareRun date: 2013-09-17 23:05:45-----------------------------23:05:45.462 OS Version: Windows x64 6.2.9200 23:05:45.462 Number of processors: 8 586 0x3A0923:05:45.462 ComputerName: TIONGAHBANG UserName: tiongahbang23:05:47.138 Initialze error 1 23:09:58.328 AVAST engine defs: 1309170023:10:15.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003f23:10:15.753 Disk 0 Vendor: WDC_WD7500BPVT-80HXZT3 01.01A01 Size: 715404MB BusType: 1123:10:15.797 Disk 0 MBR read successfully23:10:15.800 Disk 0 MBR scan23:10:15.815 Disk 0 unknown MBR code23:10:15.820 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 123:10:15.836 Disk 0 scanning C:\Windows\system32\drivers23:10:15.840 Service scanning23:10:16.460 Modules scanning23:10:16.466 Disk 0 trace - called modules:23:10:16.475 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 23:10:16.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c8ef060]23:10:16.489 3 CLASSPNP.SYS[fffff88000a8ce0a] -> nt!IofCallDriver -> [0xfffffa800a6b7c00]23:10:16.495 5 ACPI.sys[fffff88000e93a91] -> nt!IofCallDriver -> \Device\0000003f[0xfffffa800a6b7060]23:10:16.502 AVAST engine scan C:\Windows23:10:16.509 AVAST engine scan C:\Windows\system3223:10:16.516 AVAST engine scan C:\Windows\system32\drivers23:10:16.523 AVAST engine scan C:\Users\tiong23:10:16.530 AVAST engine scan C:\ProgramData23:10:16.536 Scan finished successfully23:10:22.321 Disk 0 MBR has been saved successfully to "C:\Users\tiong\Documents\MBR.dat"23:10:22.333 The log file has been saved successfully to "C:\Users\tiong\Documents\aswMBR.txt"
  14. Hi, I'm not very skilled or knowledgeable in IT so I'm really having a hard time now. Apparently I found my laptop to be infected with the Spigot redirect virus after reading up online and finding similar symptoms. I believe I got it while I updated my BitTorrent a few days ago. I've since removed it and the Spigot Search Protection that was showing up in the Control Panel, but the problem of redirecting still persists and I'm really worried and scared that it would harm my computer and compromise my safety in any way (as I heard that it may steal information and such). I'm new to the forum so I may not be familiar with all the things around, but I'll try to comprehend. Here are the DDS and Attach logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688
Run by tiongahbang at 22:45:33 on 2013-09-17
Microsoft Windows 8 6.2.9200.0.932.81.1033.18.12173.9997 [GMT 8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\AdminService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: 85CD7B47-1F00-1362-11AE-1A8ED03ED6D0 Class: {85CD7B47-1F00-1362-11AE-1A8ED03ED6D0} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [bambooScribe.exe] "C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\Users\tiong\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
IE: &迅雷下载到手机 - <no file>
IE: & - <no file>
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 202.65.242.50 202.65.242.46 192.168.1.1
TCP: Interfaces\{5EF04FEA-E34D-4068-9435-E6CDCC49B528} : DHCPNameServer = 202.65.242.50 202.65.242.46 192.168.1.1
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5} : DHCPNameServer = 202.65.242.50 202.65.242.46 192.168.1.1
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\140707C6562E08993702960586F6E656 : DHCPNameServer = 165.21.83.88 165.21.100.88
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\14474756E64616E636560465963647F6279616A434 : DHCPNameServer = 203.92.64.194 203.92.84.194
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\75962756C65637370465963647F6279616A434 : DHCPNameServer = 203.92.64.194 203.92.84.194
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [btPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-10-9 30056]
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-3-11 46392]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-3-11 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-11 310952]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-14 277120]
R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-3-21 135824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-20 166720]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-8-5 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-8-5 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-5 182752]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-19 1901752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver 
Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-3-11 92456]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-20 365376]R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-11 619904]R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-25 17152]R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-4 21152]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-4 342528]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-11-20 294544]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-20 683664]R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-3-11 94520]S0 mfeelamk;McAfee Inc. 
mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-19 69168]S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-3-11 34224]S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-11 13728]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-11 196440]S3 mferkdet;McAfee Inc. 
mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-11 81824]S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-3-11 15776]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656].=============== Created Last 30 ================.2013-09-17 14:09:16 -------- d-----w- C:\Users\tiong\AppData\Roaming\Malwarebytes2013-09-17 14:08:21 -------- d-----w- C:\ProgramData\Malwarebytes2013-09-17 14:08:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-09-17 14:08:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-09-17 12:49:00 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0B5B415-BF9E-4CC8-B6BA-3A200259FAA4}\mpengine.dll2013-09-16 10:33:58 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-09-12 23:23:34 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14983E97-C3EB-4FD9-B59F-96627E4C4916}\gapaengine.dll2013-09-11 13:08:57 4038144 ----a-w- C:\Windows\System32\win32k.sys.==================== Find3M ====================.2013-09-17 14:35:00 408 ----a-w- C:\Users\tiong\AppData\Roaming\sp_data.sys2013-09-05 20:09:17 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-09-05 20:09:17 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-08-21 04:11:04 136704 ----a-w- 
C:\Windows\System32\iesysprep.dll2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-07-13 
06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-06-29 05:43:16 327512 ----a-w- 
C:\Windows\System32\drivers\Classpnp.sys2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys2013-06-26 02:59:34 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll2013-06-20 19:05:36 35272 ----a-w- C:\Windows\xinstaller.exe2013-06-20 19:05:34 80328 ----a-w- C:\Windows\xinstaller.dll.============= FINISH: 22:45:44.22 =============== attach .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume1Install Date: 10/3/2013 11:28:45 PMSystem Uptime: 17/9/2013 10:33:46 PM (0 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | K55VJProcessor: Intel® Core i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 279 GiB total, 129.935 GiB free.D: is FIXED (NTFS) - 398 GiB total, 134.38 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP29: 14/8/2013 4:22:04 PM - Windows UpdateRP30: 25/8/2013 3:41:11 PM - Scheduled CheckpointRP31: 13/9/2013 8:09:31 AM - Windows Update.==== Installed Programs ======================.Adobe AIRAdobe Reader X (10.1.8) MUIASUS Instant ConnectASUS InstantOnASUS LifeFrame3ASUS Live UpdateASUS Power4Gear HybridASUS Smart GestureASUS Splendid Video Enhancement TechnologyASUS TutorASUS USB Charger PlusASUS WebStorage Sync AgentASUSDVDAsusVibe2.0ATK PackageBamboo DockCorel Painter Essentials 4EPSON L210 Series Printer UninstallEPSON ScanEpson User's Guide L210 Seriesfoobar2000 v1.2.4Google ChromeGoogle Update HelperIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® SDK for OpenCL - CPU Only Runtime PackageIntelR Trusted 
Connect Service ClientMalwarebytes Anti-Malware version 1.75.0.1300Microsoft Office Professional Plus 2013 - en-usMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86Mp3tag v2.57NVIDIA 3D Vision Driver 306.97NVIDIA Control Panel 306.97NVIDIA Graphics Driver 306.97NVIDIA HD Audio Driver 1.3.18.0NVIDIA Install ApplicationNVIDIA Optimus 1.10.8NVIDIA PhysXNVIDIA PhysX System Software 9.12.0613NVIDIA Stereoscopic 3D DriverNVIDIA Update 1.10.8NVIDIA Update ComponentsOffice 15 Click-to-Run Extensibility ComponentOffice 15 Click-to-Run Licensing ComponentOffice 15 Click-to-Run Localization ComponentopenCanvas LiteQualcomm Atheros Client Installation ProgramRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek PCIE Card ReaderShared C Run-time for x64Trend Micro TitaniumTrend Micro Titanium Internet SecurityUpdate for Japanese Microsoft IME Postal Code DictionaryUpdate for Japanese Microsoft IME Standard DictionaryUpdate for Japanese Microsoft IME Standard Extended DictionaryVLC media player 2.0.6WacomWebTablet FB Plugin 32 bitWebTablet FB Plugin 64 bitWindows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)WinFlashWinRAR 4.20 (64-bit)微??音?捷 2012 流行??更新 (KB2723161).==== Event Viewer Messages From Past Week ========.17/9/2013 9:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable 
SID (Unavailable). This security permission can be modified using the Component Services administrative tool.17/9/2013 10:37:31 PM, Error: Service Control Manager [7000] - The McAfee VirusScan Announcer service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:37:31 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:37:31 PM, Error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:34:33 PM, Error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:34:33 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:34:33 PM, Error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the file specified.17/9/2013 10:33:29 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.13/9/2013 9:18:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2871389).13/9/2013 9:18:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2862768).13/9/2013 9:18:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for 
Thanks, I hope there's a way to solve the problem and remove the spigot thing for good